The UK Cyber Claim Readiness Checklist
May 27, 2026

Will your next claim be approved — or denied?
The Reality of Cyber Insurance in the UK Today
UK businesses face a stark reality: 43% of organisations experienced a cybersecurity breach or attack in the past 12 months — equivalent to over 612,000 businesses, according to the DSIT Cyber Security Breaches Survey 2025. Yet having cyber insurance is no guarantee of a successful claim.
An underwriter approves the policy, but once a breach occurs you are dealing with the claims team. The forensic investigators they appoint are primarily tasked with minimising loss: getting in quickly, stopping the bleeding and helping you recover. Their report also goes to the insurer, and if it shows material misstatements, or a gap between what your application declared and your actual technical estate, the insurer can, and often will, deny a claim for a risk it never agreed to cover.
In the UK, the stakes extend beyond the insurance claim itself. The Information Commissioner's Office (ICO) issued £19.6 million in fines across just seven enforcement actions in 2025, a seven-fold increase on the previous year's total. The Capita breach alone attracted an ICO fine of £14 million. These penalties sit alongside your claim and, unlike an insurance payout, are payable whether or not your claim succeeds.
43% of UK businesses suffered a cyber breach or attack in the past 12 months — around 612,000 organisations.
Source: DSIT & Home Office, Cyber Security Breaches Survey 2025
The average cost of the most disruptive breach was £3,550 per business (among those with a financial cost). For medium and large businesses, costs escalate dramatically.
Source: DSIT & Home Office, Cyber Security Breaches Survey 2025
The NCSC managed 204 significant or highly significant cyber incidents in the year to September 2025 — roughly one every two days.
Source: NCSC Annual Review / UK Gov Economic Impact of Cyber Attacks Summary, 2025
What goes wrong on a claim?
When a claims adjuster reviews a post-breach forensic report, they are looking for specific discrepancies that allow them to deny or reduce the payout. In the UK this scrutiny is compounded by the ICO's own investigation, which runs in parallel and can result in a regulatory fine regardless of what your insurer decides.
The Six Claim Killers
Material Misrepresentation
You stated on your application that a control (such as MFA) was active, but forensics showed it was turned off, bypassed or misconfigured at the time of the breach. Under the Insurance Act 2015, a deliberate or reckless breach of the duty of fair presentation entitles the insurer to avoid the policy entirely; even a careless one lets the insurer apply proportionate remedies, such as paying only part of the claim.
Lack of Historical Evidence
The claims team asks for proof that your controls were operating before the incident. No logs, no retained audit trail, no policy documentation: no payout. The ICO takes the same view, because UK GDPR's accountability principle requires you to be able to demonstrate compliance, so the absence of records is itself evidence of inadequate data protection governance.
End-of-Life (EOL) Asset Exploitation
Attackers entered through a legacy Windows Server, an unpatched firewall or an unsupported system. Many UK policies carry strict EOL exclusion clauses, and the NCSC's vulnerability management guidance is explicit that running unsupported software is an unacceptable risk.
Conflict of Interest / Self-Certification
The internal IT team that built and maintains the network also signed off the compliance audit. When the same people design a system and certify its security, unintentional bias and blind spots can mask critical gaps, and both insurers and the ICO may challenge the lack of independent validation.
Failure to Maintain Controls
You bought the right security tools but left them in default, unmonitored states. Under UK policies this typically triggers a "failure to maintain" or "standard of care" clause, substantially reducing or voiding your payout.
Undocumented Exceptions
A legacy machine could not run an endpoint security agent, but you never formally documented the compensating controls on your application. Without a documented exception, there is no defence when an adjuster queries the gap.
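The items above (EOL assets, agents missing without a documented exception, expired exceptions, MFA not enforced, and the lack of pre-incident evidence) can all be checked and recorded before a breach rather than reconstructed after one. The script below is an added example, not code from the page or from Infoprotect: it runs a small inventory against an exception register as of a given date, and seals the result with a SHA-256 digest so the snapshot can be retained as point-in-time evidence. The inventory, the exception register and the asset names are constructed for illustration; the vendor end-of-support dates are as published at the time of writing and should be checked against the vendor lifecycle pages before being relied on.

```python
"""Control-evidence snapshot: checks an asset inventory against the claim
killers above and writes a hash-sealed record of the result.

Added example. Inventory, exception register and hostnames are constructed;
end-of-support dates are vendor-published values, verify before use.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass
from datetime import date, datetime, timezone

# Vendor end-of-extended-support dates (verify against the vendor lifecycle page).
EOL_DATES: dict[str, date] = {
    "Windows Server 2012 R2": date(2023, 10, 10),
    "Windows 10 22H2": date(2025, 10, 14),
    "Windows Server 2019": date(2029, 1, 9),
}

# Findings an adjuster would treat as a gap between application and reality.
BLOCKING = {"EOL_OS", "EDR_MISSING_UNDOCUMENTED", "EDR_EXCEPTION_EXPIRED", "MFA_NOT_ENFORCED"}


@dataclass(frozen=True)
class Asset:
    hostname: str
    os: str
    edr_agent: bool      # endpoint agent installed and reporting
    mfa_enforced: bool   # MFA required for interactive admin access


@dataclass(frozen=True)
class ControlException:
    hostname: str
    control: str                 # which control is exempted, e.g. "edr"
    reason: str
    compensating_controls: str
    expires: date                # exceptions must be time-limited and re-approved


def assess(asset: Asset, exceptions: dict[tuple[str, str], ControlException], as_of: date) -> list[str]:
    """Return the findings for one asset as of the given date."""
    findings: list[str] = []
    eol = EOL_DATES.get(asset.os)
    if eol is None:
        findings.append("OS_LIFECYCLE_UNKNOWN")  # can't prove support status either way
    elif eol <= as_of:
        findings.append("EOL_OS")
    if not asset.edr_agent:
        exc = exceptions.get((asset.hostname, "edr"))
        if exc is None:
            findings.append("EDR_MISSING_UNDOCUMENTED")
        elif exc.expires < as_of:
            findings.append("EDR_EXCEPTION_EXPIRED")
        else:
            findings.append("EDR_MISSING_DOCUMENTED")   # gap exists but is defensible
    if not asset.mfa_enforced:
        findings.append("MFA_NOT_ENFORCED")
    return findings


def _digest(body: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) so the digest is reproducible.
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


def build_record(assets, exceptions, as_of: date, generated_at: datetime | None = None) -> dict:
    """Assess every asset and seal the result with a SHA-256 digest."""
    generated_at = generated_at or datetime.now(timezone.utc)
    body = {
        "as_of": as_of.isoformat(),
        "generated_at": generated_at.isoformat(),
        "assets_checked": len(assets),
        "results": [
            {"hostname": a.hostname, "os": a.os, "findings": assess(a, exceptions, as_of)}
            for a in sorted(assets, key=lambda a: a.hostname)
        ],
    }
    return {**body, "sha256": _digest(body)}


def verify_record(record: dict) -> bool:
    """True if the record's digest still matches its contents."""
    body = {k: v for k, v in record.items() if k != "sha256"}
    return _digest(body) == record.get("sha256")


def claim_blockers(record: dict) -> list[str]:
    """Hostnames carrying at least one finding an adjuster would challenge."""
    return [r["hostname"] for r in record["results"] if BLOCKING & set(r["findings"])]


# Constructed sample inventory and exception register (hypothetical hostnames).
SAMPLE_ASSETS = [
    Asset("DC01", "Windows Server 2019", edr_agent=True, mfa_enforced=True),
    Asset("LEGACY-APP", "Windows Server 2012 R2", edr_agent=False, mfa_enforced=True),
    Asset("CNC-PC", "Windows 10 22H2", edr_agent=False, mfa_enforced=False),
    Asset("SCAN-PC", "Windows Server 2019", edr_agent=False, mfa_enforced=True),
]
SAMPLE_EXCEPTIONS = {
    ("LEGACY-APP", "edr"): ControlException("LEGACY-APP", "edr", "vendor app incompatible with agent",
                                            "isolated VLAN, application allow-listing", date(2027, 1, 1)),
    ("SCAN-PC", "edr"): ControlException("SCAN-PC", "edr", "scanner driver conflict",
                                         "no domain credentials, USB disabled", date(2025, 1, 1)),
}
AS_OF = date(2026, 5, 27)

if __name__ == "__main__":
    snapshot = build_record(SAMPLE_ASSETS, SAMPLE_EXCEPTIONS, AS_OF)
    print(json.dumps(snapshot, indent=2))
    print("claim blockers:", claim_blockers(snapshot))
```

A digest only proves the record was not altered after the digest was taken, so it is evidence only if the digest itself is recorded somewhere you cannot quietly rewrite: a ticket, an email to your broker, or a signed log retained under the same policy as your backups. Run the snapshot on a schedule and keep every copy; a series of sealed records dated before the incident is exactly the "proof your controls were operating" that the claims team asks for.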
Want to know the do's and don'ts and see the full checklist? Download below.
Or contact Brad Fraser at brad.fraser@infoprotect.co.uk or connect on LinkedIn.
About Infoprotect UK
Infoprotect helps businesses achieve cybersecurity compliance, maturity and customer satisfaction.
We also work closely with insurance brokers to provide effective cyber risk management for their clients, which is critical for organisations of all sizes and types as cyber threats continue to evolve and become more sophisticated. Good cyber risk management helps prevent data breaches, reduces the impact of cyber-attacks, and protects an organisation's reputation and financial stability.
Our agile, personalised human approach differentiates us. We deliver business value to our clients through our commitment and dedication to service delivery.
Our Cyber Assess, Cyber GRC and Cyber Protect solutions are industry-leading cybersecurity services.
